Kubernetes quick start¶

This page is for people who are familiar with Kubernetes in general, and want to start using it as quickly as possible.

Requesting access¶

In order to obtain access to Kubernetes, please submit a Kubernetes request . Alternatively you can email your request to support@hpc.ut.ee .

Are you already a member in minu.etais.ee portal?

If you are already a member in minu.etais.ee portal, then you can order the resource directly from there.

Login to minu.etais.ee.
Navigate to Marketplace -> Platform -> Kubernetes Namespace.
Click "Add resource"
Select the organization and project you want the namespace to be created in.
Specify the preferred name for the namespace (We can not guarantee that the name will be accepted as is)
You can specify the hostname / Website URL that you want to use with the namespace (optional)
Specify whether you need GitLab service account to be created (optional)
Specify any additional requests you might have.
Set a name for the resource and add a description.
Click Create

Info

Now you can wait for the request to be processed.

You will receive an email when the namespace is ready or if we have any additional questions.

Polices set access at the tenant/namespace level. This means that you get a namespace and give access to that specific namespace, mostly with administrator permissions.

UTHPC uses a kubeconfig file to permit access to Kubernetes. Certificate and token are inside kubeconfig file. This means you need to have kubectl installed. Users usually get access via their ETAIS account.

Using ETAIS access¶

Kubernetes allows access via the MyAccessID authentication system. This is the easiest way to obtain access to the cluster, as everyone shares the same KUBECONFIG file.

You should still write to support@hpc.ut.ee to get necessary permissions though, as by default, a user has no permissions inside the cluster.

Authenticating via MyAccessID requires completing three additional steps:

Install the kubelogin kubectl plugin. This is required to authenticate with MyAccessID.
Add the shared KUBECONFIG file to your local computer (below). If you add it to ~/.kube/config, which is automatically used for all kubectl commands.
When using this configuration for kubectl, the first command you enter opens a browser window. You can login explicitly also with the kubectl oidc-login login command.
Inside this browser window you can login with any institution's credentials. Upon success, you'll have access to the cluster.

kubectl configuration

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01Ea3hOVEV3TlRFek1Gb1hEVE13TURreE16RXdOVEV6TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTkt5CnBtNy9BVmFPQStnT1BEQzBtekZ6d0pzRUw3ZkRMN0taR3R1Y3RycUJIR3JaL0MyZ2pJbEpwN2pCZ0FDU0E2eW4KNEhqNXk0UTdTN0s0R0JhbGNya3QrV2duMkwyckxKK0NUYXhiYmh4alczRDR6dEdtanhJTUFSeXRUV2xDL1ZtVAphTUtCZ3pmTFY5LzBPNUxtM1J4cEFMbm9MN1dUS3lyTmxGR29aSWUxbTVjK0JyenZmZjRKa2dmYWVucEw3Uk5CCjM5TDRvQ3NVdFNXeDZUVGNSN25JTHRiUXZZV0doYnE2UHRzS3BDcmxzMXlSazJDS1QwQUI5akFKMHhzakxkckgKZVZEOFROUFl1aEhBRVhLSVZUenVNUm92Q29DZVVnK002Nk9MNHpJem81aFZadFJJRWtkNi9wSTI1NmpsNVFDMQpJZW5KTDFpK2VwazJvQWpac1RNQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNRTRpQldSS0ptRTFaZEFJOTZGbXYzdWdSdkZNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFERXdBem0zd1BIcDcwcFhObHdzNmhTV2ZIRWQ1b1prOWlTSzFMTVhFNm4vZHBCQkhiagpMOUVyVlBnWXlpeFFzZFIwZEtKUEZYQlh5dDlERllPVzJqTzRRMUFBVks1U3RTMjk5K3lZUDBIS1ZrZU5STE40Cm1wbDE0Zy9xNW1mR05pRlIzVm93cmFoR3ZQc1R6bVhScTNMd1pHbFZFSXNRR2w5elhYaVZoV29FTllVN2JTa1IKM0FxS0dQc2VDTmRmTTE3TzVZTno0cUw4VDA1Q21zZ1V3dlUrSU5CdFFIcmxXQVhQN2wyR3h5NzBDdmlxUXh2Qgp2d3NaVkpkcXdJMEg0c3ZWNW5FbElLM2dGY2hsTWoxS2k2RTJORGJNRmY4aWNQc2kxTFo1dllHUnVDVEN2QmgrCnd4eVQwekxRd1A4STBiNWZ5V1V3WnBzMmErcVR3V2xxRVpjdgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://kubernetes.hpc.ut.ee:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: etais-user
  name: etais-user@kubernetes
current-context: etais-user@kubernetes
kind: Config
preferences: {}
users:
- name: etais-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://keycloak.hpc.ut.ee/realms/ETAIS
      - --oidc-client-id=kubernetes.hpc.ut.ee
      - --oidc-use-pkce
      command: kubectl
      env: null
      provideClusterInfo: false

Explore key concepts¶

For a deeper understanding of how to use the full potential of the Kubernetes environment, please explore the detailed concept guides. These guides provide explanations and examples into how the managed Kubernetes service is set up.

Available guides¶

Databases - Learn how to deploy and manage databases within the managed Kubernetes cluster.
Ingress - Discover how to set up and configure Ingress objects to manage external access to your applications.
Load Balancers - Understand the setup and usage of LoadBalancer service to manage external access to your applications.
Using storage - Learn how to keep data across Pod restarts, persistently.
GPU Usage - Explore how to utilize GPUs within the cluster for computing-intensive applications.
CI/CD Integration - Get insights into integrating continuous integration and continuous deployment pipelines with UTHPC Kubernetes infrastructure.

Each guide is designed to provide you with the knowledge needed to effectively use and manage the relevant Kubernetes resources. If you're missing some specific feature, feel free to ask HPC support. New operators and extra configurations can be added on request, if it does not negatively impact the cluster's security or usability.

Billing¶

[ALPHA]

Billing is still in [ALPHA] status, meaning it's not properly done. For now, Kubernetes billing works on agreement basis, but we are working towards implementing an understandable and transparent billing structure.